From: John Richard Moser <nigelenki@comcast.net>
To: Adrian Bunk <bunk@stusta.de>
Cc: Dave Jones <davej@redhat.com>, linux-kernel@vger.kernel.org
Subject: Re: Linux Kernel Audit Project?
Date: Mon, 17 Jan 2005 13:06:45 -0500
Message-ID: <41EBFEB5.5080807@comcast.net>
In-Reply-To: <20050117123813.GO4274@stusta.de>
Adrian Bunk wrote:
> On Mon, Jan 17, 2005 at 02:47:32AM -0500, John Richard Moser wrote:
>
[...]
>
> What exactly do you want to audit for?
>

Security holes

> If it's only for "ordinary" bugs, that's simply not feasible.
> The amount of patches going into 2.6 is currently at about 3 MB every
> week. You can hardly keep up with all of that - and even if you were
> able to do so, some theoretically correct patch might break in practice
> due to hardware bugs or bugs in some toolchain.
>

Understood.

> Regarding security audits:
> They aren't a bad idea, and not bound to new patches - much legacy code
> in the kernel has for sure more bugs than new code. The linux-kernel way
> for such a project is not to scream "We need SOMETHING" - the
> linux-kernel way is that you start with the work to get the ball rolling
> (and if other people are interested to work in the same area, give them
> some guidance).
>

I'm nowhere near being able to actually do a security audit. I
understand what an audit is, I understand what causes vulnerabilities,
but I'd probably only be able to see the most obvious things (like
strcpy(a,"Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") into a[4]).

If I had a few more years of experience, college out of the way, a good
job, and had some of my other projects moving along, maybe. . . .

> cu
> Adrian
>

--
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.